feat(ecs-patterns): support NLB with TLS listener and target group (#30611)

### Issue # (if applicable)

Closes #8517 

### Reason for this change

NLB support TLS protocol in listener and target group. 
This changes provide a feature parity in ECS patterns, allowing customer to enhance security with encrypted traffic between NLB and services

### Description of changes

- Add `listenerCertificate` to `NetworkLoadBalancedServiceBaseProps`, default value is `none`
- Change the default value of `listenerPort` and `taskImageOptions.containerPort` to 443, if `listenerCertificate` is provided.

### Description of how you validated changes

- Added both unit test and integration test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: 199911

packages/@aws-cdk-testing/framework-integ/README.md

@@ -6,13 +6,18 @@ See `integ-runner` package or `yarn integ --help` for detailed instructions.
 
 ## Common Errors
 
-### Error: For this test you must provide your own HostedZoneId/HostedZoneName/DomainName
+### Error: For this test you must provide your own HostedZoneId/HostedZoneName/DomainName/Certificate
 
 Some test cases require a publicly available domain name attached to a Amazon Route 53 Hosted Zone to work.
 These test cases need to add DNS records that are then retrieved via the public internet infrastructure. This can be a subdomain to an existing domain, but it must have a Hosted Zone configured and nameservers delegated to it.
 
 If you haven't got one ready, see the [Route 53 guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html) to manually create a hosted zone.
 
+Some test cases require an ACM public certificate on a publicly available domain name to work.
+These test cases need a public certificate which uses DNS for domain ownership validation.
+
+See the [AWS Certificate Manager guide](https://docs.aws.amazon.com/acm/latest/userguide/acm-public-certificates.html) to request an Amazon-Issued certificate.
+
 AWS CDK core team members, please check our team internal docs for guidance on how to configure domains for testing.
 
 #### How to correctly run these tests
@@ -25,12 +30,15 @@ The checked-in snapshot uses dummy values that will not deploy.
 
 - Go to your Hosted Zone and write down the values for `HostedZoneId`, `HostedZoneName` and `DomainName`.
    All values must related to the **same** Hosted Zone.
+- Go to your AWS Certificate Manager and write down the ARN for the `Certificate`
+   The certificate should be attached to a domain name in the **same** Hosted Zone.
 - In your terminal run the following commands:
 
 ```console
 export HOSTED_ZONE_ID=your_hosted_zone_id
 export HOSTED_ZONE_NAME=your_hosted_zone_name
 export DOMAIN_NAME=your_domain_name
+export CERT_ARN=your_certificate_arn
 ```
 
 - Finally, in the same terminal run your specific test case with the **update workflow disabled**. For example: